VirSCAN

File information
Safety rating:71
Behavior list
Basic Information
MD5:bce17c063e5d0b922b1bcabd4a8730c2
file type:EXE
Production company:QQ:67895212
version:2.5.0.5---2.5.0.5
Shell or compiler information:COMPILER:Elan
Subfile information:
Key behavior
Behavior description:Get window screenshot information
details:Foreground window Info: HWND = 0x00000000, DC = 0x010105b3.
Foreground window Info: HWND = 0x00000000, DC = 0x9001044c.
Foreground window Info: HWND = 0x00000000, DC = 0x06010632.
Foreground window Info: HWND = 0x00000000, DC = 0x9d0105a4.
Process behavior
Behavior description:Create local thread
details:TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2948, ThreadID = 2992, StartAddress = 77DC845A, Parameter = 00000000
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x16(565 0)
Other behavior
Behavior description:Create mutex
details:RasPbFile
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
Behavior description:Create event object
details:EventName = DINPUTWINMM
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description:Open event
details:HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000051
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000051
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Behavior description:Window information
details:Pid = 2948, Hwnd=0x60380, Text = 确定, ClassName = Button.
Pid = 2948, Hwnd=0x140306, Text = ########### 淄博VtopNet制作维护 ########### , ClassName = Static.
Behavior description:Get window screenshot information
details:Foreground window Info: HWND = 0x00000000, DC = 0x010105b3.
Foreground window Info: HWND = 0x00000000, DC = 0x9001044c.
Foreground window Info: HWND = 0x00000000, DC = 0x06010632.
Foreground window Info: HWND = 0x00000000, DC = 0x9d0105a4.
Behavior description:Open mutex
details:RasPbFile
ShimCacheMutex